keystone public client requests can leak admin endpoint details
Bug #1543335 reported by
sahilsinha
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Keystone is set up with a publicURL that points to a public IP.
from a remote client accessing the publicURL endpoint:
openstack token issue works as expected
openstack user password set (or any other keystone command) returns:
Failed to contact the endpoint at https:/
Unable to establish connection to https:/
doing openstack --os-interface public resolves the issue and allows one to update a password via the publicURL endpoint or get the appropriate response from other commands(403)
description: | updated |
Changed in python-openstackclient: | |
status: | Incomplete → Invalid |
information type: | Private Security → Public |
To post a comment you must log in.
It is possible this is a keystoneclient default leaking though (I haven't looked yet).